Who we are
DT Information Governance Ltd is a privately-owned training and consultancy company. We carry out these services for a range of clients and it is very important to us that we respect the privacy and protection of personal data. This Privacy Notice sets out how we process personal data (information) that we may collect during our work with you or when you contact us, how we will use it responsibly and how we keep it safe and secure. It also demonstrates our commitment to complying with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).
We are the ‘Controller’ of the personal data you provide to us. Our Data Protection Officer is Deborah Topping. You can contact her at email@example.com.
What data we need
We collect personal data about you that includes name, address, email and contact number.
We will not ordinarily collect any special types of information such as health information (unless this is necessary for food allergies or accessibility on one of our public courses); and we will not collect any personal data from you we do not need in order to provide the services to you.
How we get the information and why we have it
Most of the information we process is provided to us directly by you for one of the following reasons:
- You are a client that we are working with and we need to collect this information to enable us to work with you;
- You have asked or agreed (consented) to join our mailing list where we may provide you with updates on our services;
- We are monitoring contracts and performance of these;
- You are joining a training course with us;
- You have visited our website and cookies have been applied or accepted.
We may also receive information indirectly, from the following sources in the following scenarios:
- Your employer if they are our client;
- The charity that you are a trustee or volunteer for when the charity is our client;
We will also use the data or information you provide to us to create invoices which will be recorded on our invoice/payment records.
Why we need it – Our legal bases
We have a number of legal bases for processing your information in line with GDPR. These vary depending on the work or support we are providing to you.
Where we have agreed to work with you, or to provide with you with training, our legal basis will be a contractual obligation.
Where you have joined our mailing list, the legal basis will be consent. You are able to withdraw or remove your consent at any time by contacting us at firstname.lastname@example.org .
To enable us to operate and administer our business, and to ensure that we can business plan effectively, we have a legitimate interest in processing some personal information. This helps us to remain accountable to our clients.
How we store your personal data
Keeping personal data safe and secure is important to us and we have policies and procedures to do this. We use Microsoft 365 Business Standard to store your personal data and emails. Where possible we will store your data in the UK, however, the service provider may use storage facilities within the EU/EEA. Our devices have passcode or fingerprint authentication and all software including antivirus/firewall is kept up to date.
We ensure that we have contracts in place for any external service providers such as our accountant, who may have access to name and address for the purpose of preparing accounts.
We use Trello for task management and when we work with you, we may include your name in the task detail if this is appropriate.
We do not…
We do not allow any other third parties to have access to your personal data unless we are required to share your data with them by law or we are ordered to do so by a Court.
We do not transfer your personal data to third countries outside of the EEA. We do not make automated decisions on your data, nor do we use your data for profiling purposes.
How long we keep it
We have a retention schedule which details how long we keep data for. In general we will keep it for a period that is required by law, for example financial records or HMRC records will be kept for 6 years, contracts will be kept for 6 years after the end date of the contract. We may keep personal data for longer if have consented to us keeping it or you have asked us to keep it.
When we no longer need to keep your personal data, we will then dispose of this by secure shredding (paper records) or by secure and permanent deletion (electronic records).
What are your rights?
You have a number of rights relating to the processing of your personal data. You can ask to see the personal data that we hold about you (known as a Subject Access Request), or even as us to correct it or have it deleted.
Where you have provided personal data with consent, you can withdraw this consent at any time. Please send an email to email@example.com with the subject “withdraw consent” if you wish to do this.
You are not required to pay any fee for exercising your rights. If you do make a request, we have one month to respond to you. Please contact us at firstname.lastname@example.org if you wish to make a request.
More information on your rights can be found on the Information Commissioner’s website at www.ico.org.uk .
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Telephone 0303 123 1113 (local rate) or by email to email@example.com.
We only use analytical cookies on our website.